Phishing emails are the bane of modern existence, in which email is a necessary part of getting anything done, whether professionally or personally. They are more than a nuisance: they are still one of the leading causes of data breaches today.
But why, after years of having to deal with them, are they still making such an impact?
The simple answer is that phishing emails keep adapting, and they employ effective tactics like preying on people’s fear. It isn’t just businesses that struggle with the threat of phishing attacks. People are bombarded with them every day, whether through email, social media, or direct text messages.
Received a suspected phishing email (or message) today? Here’s what to do.
How Do Phishing Emails Work?
Phishing scams are created by criminals who use spam or emails that resemble communication from real entities to trick people. Usually, they get people to divulge important information, but they may also infect a device with malware through links or attachments.
What to Do With a Phishing Email
- Stay Calm
Email clients generally do a great job of filtering out phishing emails these days, but one or two might still get through now and then. Don’t panic when that happens.
There are many types of phishing emails out there, but many of them employ a sense of urgency. This is to get people to do what the scammers want without thinking things through properly.
It’s important to remember that the mere presence of a phishing email doesn’t mean the device is now compromised or infected with malware, even if the email was opened or previewed using the mail client’s preview pane.
- Don’t Click on Any Links or Attachments
Phishing emails usually don’t pose a risk so long as people don’t interact with them. Never click on a link or open any attachments. If the email appears to be from a legitimate source, like a bank or online retailer, contact them directly instead and ask them about it.
Emails from friends aren’t safe either, as their accounts could have become compromised. Some phishing attacks proliferate by being shared by people who aren’t aware of what they are.
- Think It Through
If an email seems suspicious, even for no discernible reason, don’t interact with it. It is better to be suspicious and stay safe than to blindly trust anything an email says. Keep in mind that legitimate companies would never request confidential information via email, and their communication would also never be full of spelling mistakes.
An email or message could seem to be from a reliable source but may be a targeted phishing attack. Hackers track people’s online activities and use the websites they visit to create these attacks, also called spear-phishing attacks. They pretend to be that company and create a very realistic-looking email that could fool even the best skeptics.
- Don’t Reply
Never, ever reply to a phishing email. Not only because it wouldn’t change a thing, but also because it alerts hackers that this is a real email account that someone is using. Scammers send out thousands of phishing emails to any email addresses they can find.
Someone who replies only confirms that they’re a viable target and that the scammers should target them. They will start sending even more phishing emails and maybe even targeted spear-phishing attempts.
- Report the Email and Delete It
Every email client should have a report function that people can use to report phishing emails. Report the email to alert the email provider so that it can filter similar emails in the future.
If someone receives a phishing email on their work account, they may have to follow the company’s security policy. Make sure to consult with IT, and follow their instructions if the phishing attempt needs to be reported to management as well.
- Take Preventative Security Measures
Even if nothing happened this time around, there’s no guarantee that a phishing attempt won’t slip under the radar and succeed tomorrow. That’s why it’s vital that everyone still take care to have security measures in place for their devices.
This includes two-factor authentication – if a password is stolen, attackers still can’t get into the account. It also means sticking to basic security rules like not reusing passwords, using a reliable antivirus program, and not storing sensitive information anywhere.
There are plenty of other tools that can help too, like password managers and email encryption tools. Using a VPN, for example, can also help ward off targeted phishing emails. A VPN keeps attackers from monitoring a person’s online traffic by encrypting their internet connection, and some even have firewalls that prevent malware attacks.
Getting a phishing email is never a pleasant experience, but it’s important to stay calm. Remember that they can’t do any harm so long as no one interacts with them. The hardest part is recognizing a phishing email, and that’s what makes them so dangerous.